A U.S. Government department threw away IT components worth $170,000 including printers, computer mice and keyboards, in an effort to root out a “sophisticated” and “persistent” malware threat which did not exist.
The destruction only stopped because of budgetary restrictions – staff had planned “destruction of its remaining IT components, valued at over $3 million,” an official report into the incident concluded.
The Economic Development Administration believed that it was facing “a sophisticated cyber attack” using “extremely persistent malware” – after miscommunication between departments led staff to believe that 146 components were infected by malware. The correct figure was two. An email listing the total number of components in the department was misconstrued as listing the number of infected components, a report said.
A series of miscommunications between the EDA and the Department of Commerce Computer Incident Response Team led to EDA staff vastly overestimating the scope of the threat, a U.S. Government report into the incident concluded. The EDA report into the incident described the organization’s response as “unwarranted.”
“EDA’s CIO concluded that the risk, or potential risk, of extremely persistent malware and nation-state activity (which did not exist) was great enough to necessitate the physical destruction of all of EDA’s IT components,” the report says.
“EDA initially destroyed more than $170,000 worth of its IT components,including desktops, printers, TVs, cameras, computer mice, andkeyboards. By August 1, 2012, EDA had exhausted funds for this effort and therefore halted the destruction of its remaining IT components, valued at over $3 million.”
An outside contractor found “common malware but no nation-state activity or extremely persistent malware,” the report said. The incident cost $2.747 million in lost equipment, and fees for recovery solutions – half the department’s IT budget. EDA systems, including email, were also offline for two months in early 2012.
“On January 24, 2012—believing it had a widespread malware infection—EDA requested the Department isolate its IT systems from the HCHB network,” the report says. “This action resulted in the termination of EDA’s operational capabilities for enterprise e-mail and Web site access, and regional office access to database applications and information residing on servers connected to the HCHB network,” the report says.
Author Rob Waugh, We Live Security